package com.colabo.j2ee.web.oaf.security.impl;

import java.util.Collection;
import java.util.List;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;

import com.colabo.j2ee.web.core.vo.RecordObject;
import com.colabo.j2ee.web.oaf.security.model.ResourceAuthorityModel;
import com.colabo.j2ee.web.oaf.security.model.UserDetailsModel;
import com.colabo.j2ee.web.oaf.vo.IPResUrlVO;

public class UrlVoter implements AccessDecisionVoter {
	private boolean enabled = true;

	public boolean isEnabled() {
		return enabled;
	}

	public void setEnabled(boolean enabled) {
		this.enabled = enabled;
	}

	public boolean supports(ConfigAttribute attribute) {
		return true;
	}

	public boolean supports(Class clazz) {
		return clazz.isAssignableFrom(FilterInvocation.class);
	}

	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
		if (!enabled) {
			return ACCESS_GRANTED;
		}

		UserDetailsModel model = (UserDetailsModel) authentication.getPrincipal();
		if (model.isGod()) {
			return ACCESS_GRANTED;
		}

		String url = ((FilterInvocation) object).getRequestUrl();

		int end = url.indexOf("?");

		if (end > 1) {
			url = url.substring(0, end);
		}

		List list = (List) model.getUrlAuthorities();
		if (list.contains(url)) {
			return ACCESS_GRANTED;
		}

		return ACCESS_ABSTAIN;
	}

	protected boolean voteUrlStrict(Authentication authentication, String url) {
		RecordObject vo;
		IPResUrlVO urlVo;

		UserDetailsModel model = (UserDetailsModel) authentication.getPrincipal();

		Collection<GrantedAuthority> list = model.getAuthorities();
		for (GrantedAuthority grantedAuthority : list) {
			if (!(grantedAuthority instanceof ResourceAuthorityModel)) {
				continue;
			}
			vo = ((ResourceAuthorityModel) grantedAuthority).getResource();
			if (!(vo instanceof IPResUrlVO)) {
				continue;
			}
			urlVo = (IPResUrlVO) vo;
			if (url.equals(urlVo.getUrl())) {
				return true;
			}
		}

		return false;
	}

	protected boolean voteUrl(Authentication authentication, String url) {
		RecordObject vo;
		IPResUrlVO urlVo;

		UserDetailsModel model = (UserDetailsModel) authentication.getPrincipal();

		int end = url.indexOf("?");
		if (end < 1) {
			end = url.indexOf("%3F");
		}
		if (end > 1) {
			url = url.substring(0, end);
		}

		Collection<GrantedAuthority> list = model.getAuthorities();
		for (GrantedAuthority grantedAuthority : list) {
			if (!(grantedAuthority instanceof ResourceAuthorityModel)) {
				continue;
			}
			vo = ((ResourceAuthorityModel) grantedAuthority).getResource();
			if (!(vo instanceof IPResUrlVO)) {
				continue;
			}
			urlVo = (IPResUrlVO) vo;
			if (url.equals(urlVo.getUrl())) {
				return true;
			}
		}

		return false;
	}
}
